As both cloud use and spend increase, enterprises need to implement automated cloud governance. IT leaders must avoid impeding the agility that cloud provides while ensuring efficient cloud spend and reducing risk. In this webinar, we will cover 10 automated policies that every enterprise should have as part of IT governance best practices for cloud.
3. Agenda
● Developing a cloud governance process
● How to maintain agility and flexibility of cloud use
● How to automate the remediation of policy violations
● 10 automated policies that should be your top priority
7. A Common Policy Engine
RightScale Cloud Management Platform: Orchestrate, automate and govern workloads across all your environments.
Environments: virtual servers, public clouds, any cloud service, private clouds, bare metal servers, container clusters
RightScale Optima: Work collaboratively across the organization to manage and optimize cloud costs.
RightScale Extensible Orchestration API
Policy-Based Governance: User access controls and policies
8. Maturing Your Management of Cloud
● Reactive: Fire drill
● Responsive: Manual policies and processes
● Proactive: Automated policies and processes
● Preventative: Prevent issues before they occur
Automated Policies
10. From Alert Only to Fully Automated Resolution
Stages: Alert only; Alert, Approval, Automated resolution; Fully automated resolution
Move toward full automation as you gain confidence in policy conditions
11. Policies Go Beyond Costs
Policies: Define and enforce governance rules
● Cost: Unattached volumes, Old snapshots, Unused RIs, Underutilized VMs, ...and more
● Security: Unsecured storage, Open security groups, Disallowed ports, Open IAM policies, ...and more
● Compliance: Untagged resources, Invalid tags, Disallowed configurations, ...and more
● Operational: No recent snapshots, No DB backup, No required alerts, Upsize instances, ...and more
12. Customizing Out-of-the-Box Policies
Out-of-the-Box Policy “Tag Checker”:
● Find untagged resources
● Apply default tags when possible
● Send an email alert/report
Customized Policy “Delete Untagged”:
● Find untagged resources
● Apply default tags when possible
● Create a JIRA ticket
● Wait 48 hours and terminate/delete
● Update resolution in JIRA ticket
15. Policy: Reserved Instance Alerts
RI < 95% utilized? Y: Email Alert/Report. N: Pass.
RI Alert Examples:
- Expiration
- Underutilized
- Coverage
16. Policy: Unattached Volumes (UAV)
Flowchart decisions: Unattached > x days? (Y/N); User specified to delete? (Y/N)
Flowchart outcomes: Pass; Email Alert; Action: Delete volume
17. Policy: Downsize Instances
Flowchart decisions: < x% avg CPU and < y% max mem used? (Y/N); User specified to downsize? (Y/N)
Flowchart outcomes: No action; Email Alert; Action: Downsize
18. Policy: Instance Scheduling via Tags
After shutdown & before start time? Y: Action: Stop instance
After start time & before shutdown? Y: Action: Start instance
Tag Syntax Example (M-F 8-5):
instance:schedule=8-17;MO,TU,WE,TH,FR;America/New_York
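An added example (not from the webinar or RightScale's policy code) of how a scheduler could evaluate the tag above. It assumes 24-hour local hours with the start inclusive and the stop exclusive, two-letter day codes, same-day windows only, and that a malformed tag should raise an error so no action is taken; the function names are hypothetical.

```python
import re
from datetime import datetime
from zoneinfo import ZoneInfo, ZoneInfoNotFoundError

PAGE_TAG = "instance:schedule=8-17;MO,TU,WE,TH,FR;America/New_York"  # from the slide
DAYS = ["MO", "TU", "WE", "TH", "FR", "SA", "SU"]  # index matches datetime.weekday()
TAG_RE = re.compile(r"^instance:schedule=(\d{1,2})-(\d{1,2});([A-Z,]+);([\w/+-]+)$")


def parse_schedule(tag):
    """Return (start_hour, stop_hour, day_indexes, tz) or raise ValueError."""
    m = TAG_RE.match(tag.strip())
    if not m:
        raise ValueError(f"malformed schedule tag: {tag!r}")
    start, stop = int(m.group(1)), int(m.group(2))
    if not (0 <= start < stop <= 24):
        # Assumption: overnight ranges such as 22-6 are rejected, not guessed at.
        raise ValueError(f"invalid hour range: {start}-{stop}")
    days = m.group(3).split(",")
    unknown = [d for d in days if d not in DAYS]
    if unknown:
        raise ValueError(f"unknown day codes: {unknown}")
    try:
        tz = ZoneInfo(m.group(4))
    except (ZoneInfoNotFoundError, ValueError, OSError) as exc:
        raise ValueError(f"unknown time zone: {m.group(4)!r}") from exc
    return start, stop, {DAYS.index(d) for d in days}, tz


def desired_action(tag, is_running, now_utc):
    """Return 'start', 'stop' or None for an instance carrying this tag.

    now_utc must be a timezone-aware datetime.
    """
    start, stop, days, tz = parse_schedule(tag)
    local = now_utc.astimezone(tz)  # evaluate in the tag's zone, DST included
    in_window = local.weekday() in days and start <= local.hour < stop
    if in_window and not is_running:
        return "start"
    if not in_window and is_running:
        return "stop"
    return None  # already in the desired state
```

Converting to the tag's time zone before comparing hours is what keeps the 8-17 window correct across daylight saving changes.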
21. Policy: Security Group Anomalies
SG Has Anomalies? Y: Email Alert. N: Pass.
SG Anomaly Examples:
- High Open Ports
- ICMP Enabled
- Rules without Descriptions
22. Policy: Open Storage Buckets
Flowchart decisions: Public storage bucket? (Y/N); Check if public tag? (Y/N)
Flowchart outcomes: Pass; Email Alert; Slack Alert; Action: Make private
24. Policy: No Recent Volume Snapshots
Flowchart decisions: Volume has no snapshots in last x days? (Y/N); User specified to downsize? (Y/N)
Flowchart outcomes: No action; Email Alert; Action: Take snapshot
26. Policy: Tag Checker
Flowchart decisions: Has required tag? (Y/N); Has valid value? (Y/N); Can auto-tag? (Y/N); Fixed after x hours? (Y/N)
Flowchart outcomes: Pass; Email Alert; Action: Terminate